/* crypto/dsa/dsa.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

/*
 * The DSS routines are based on patches supplied by
 * Steven Schoch <schoch@sheba.arc.nasa.gov>. He basically did the
 * work and I have just tweaked them a little to fit into my
 * stylistic vision for SSLeay :-) */

/*
 * Public interface of the DSA code: flag bits, the DSA_SIG / DSA_METHOD /
 * DSA structure layouts, prototypes for signing, verification, parameter
 * and key generation, DER encode/decode helpers, and the error codes.
 */

#ifndef HEADER_DSA_H
# define HEADER_DSA_H

# include <openssl/e_os2.h>

/* Including this header in a build configured without DSA is a hard error. */
# ifdef OPENSSL_NO_DSA
#  error DSA is disabled.
# endif

# ifndef OPENSSL_NO_BIO
#  include <openssl/bio.h>
# endif
# include <openssl/crypto.h>
# include <openssl/ossl_typ.h>

# ifndef OPENSSL_NO_DEPRECATED
#  include <openssl/bn.h>
#  ifndef OPENSSL_NO_DH
#   include <openssl/dh.h>
#  endif
# endif

/*
 * Upper bound on the modulus size in bits. The #ifndef guard lets a build
 * override it. Enforcement is not visible in this header; presumably it is
 * the limit reported as DSA_R_MODULUS_TOO_LARGE -- confirm in the
 * implementation.
 */
# ifndef OPENSSL_DSA_MAX_MODULUS_BITS
#  define OPENSSL_DSA_MAX_MODULUS_BITS   10000
# endif

/*
 * Lower bound on the modulus size in bits for FIPS use. Presumably the
 * floor reported as DSA_R_KEY_SIZE_TOO_SMALL -- confirm in the
 * implementation.
 */
# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024

/*
 * Presumably enables caching of the Montgomery context for p in
 * dsa_st.method_mont_p -- confirm against the implementation.
 */
# define DSA_FLAG_CACHE_MONT_P   0x01
/*
 * new with 0.9.7h; the built-in DSA implementation now uses constant time
 * modular exponentiation for secret exponents by default. This flag causes
 * the faster variable sliding window method to be used for all exponents.
 *
 * Setting this flag therefore gives up the constant-time treatment of
 * secret exponents: the running time of the exponentiation may then depend
 * on secret values. Leave it clear unless timing side channels are outside
 * the deployment's threat model.
 */
# define DSA_FLAG_NO_EXP_CONSTTIME       0x02

/*
 * If this flag is set the DSA method is FIPS compliant and can be used in
 * FIPS mode. This is set in the validated module method. If an application
 * sets this flag in its own methods it is its responsibility to ensure the
 * result is compliant.
 */

# define DSA_FLAG_FIPS_METHOD                    0x0400

/*
 * If this flag is set the operations normally disabled in FIPS mode are
 * permitted; it is then the application's responsibility to ensure that the
 * usage is compliant.
 *
 * NOTE(review): this has the same value (0x0400) as DSA_FLAG_FIPS_METHOD
 * above. Both struct dsa_method and struct dsa_st carry a 'flags' member;
 * presumably each flag belongs to a different one of them, so the two never
 * meet in the same field -- confirm before testing either bit, because a
 * check against the wrong field would confuse "method is FIPS compliant"
 * with "non-FIPS operations are allowed".
 */

# define DSA_FLAG_NON_FIPS_ALLOW                 0x0400

# ifdef OPENSSL_FIPS
#  define FIPS_DSA_SIZE_T int
# endif

#ifdef  __cplusplus
extern "C" {
#endif

/* Already defined in ossl_typ.h */
/* typedef struct dsa_st DSA; */
/* typedef struct dsa_method DSA_METHOD; */

/* A DSA signature: the pair of integers (r, s). */
typedef struct DSA_SIG_st {
    BIGNUM *r;
    BIGNUM *s;
} DSA_SIG;

/*
 * Table of function pointers implementing the DSA operations. A DSA object
 * refers to one through dsa_st.meth; see DSA_set_method() and
 * DSA_set_default_method() below.
 */
struct dsa_method {
    const char *name;
    DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa);
    int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
                           BIGNUM **rp);
    int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len,
                          DSA_SIG *sig, DSA *dsa);
    int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
                        BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
                        BN_MONT_CTX *in_mont);
    /*
     * Can be null
     * NOTE(review): the placement leaves it unclear whether this refers to
     * dsa_mod_exp above, bn_mod_exp below, or both -- confirm with callers.
     */
    int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
    int (*init) (DSA *dsa);
    int (*finish) (DSA *dsa);
    /* Method-level flag bits (DSA_FLAG_* values defined above). */
    int flags;
    char *app_data;
    /* If this is non-NULL, it is used to generate DSA parameters */
    int (*dsa_paramgen) (DSA *dsa, int bits,
                         unsigned char *seed, int seed_len,
                         int *counter_ret, unsigned long *h_ret,
                         BN_GENCB *cb);
    /* If this is non-NULL, it is used to generate DSA keys */
    int (*dsa_keygen) (DSA *dsa);
};

/*
 * A DSA key or parameter set. The layout is public in this header, so
 * nothing here stops calling code from reading or writing any member
 * directly, including priv_key.
 */
struct dsa_st {
    /*
     * This first variable is used to pick up errors where a DSA is passed
     * instead of an EVP_PKEY
     */
    int pad;
    long version;
    int write_params;
    BIGNUM *p;
    BIGNUM *q;                  /* == 20 (presumably the size of q in bytes
                                 * -- confirm) */
    BIGNUM *g;
    BIGNUM *pub_key;            /* y public key */
    BIGNUM *priv_key;           /* x private key */
    /*
     * Presumably these hold the values produced through the kinvp / rp
     * outputs of DSA_sign_setup(). If so, kinv is derived from the
     * per-signature secret: it must not be disclosed and must not be used
     * for more than one signature -- confirm against the signing code.
     */
    BIGNUM *kinv;               /* Signing pre-calc */
    BIGNUM *r;                  /* Signing pre-calc */
    /* Per-object flag bits (DSA_FLAG_* values defined above). */
    int flags;
    /* Normally used to cache montgomery values */
    BN_MONT_CTX *method_mont_p;
    /* Reference count; DSA_up_ref() below "ups" it. */
    int references;
    CRYPTO_EX_DATA ex_data;
    const DSA_METHOD *meth;
    /* functional reference if 'meth' is ENGINE-provided */
    ENGINE *engine;
};

/*
 * Helpers for DSA parameters built on the generic ASN.1 routines:
 * duplicate, and read/write through a FILE * (_fp) or a BIO (_bio).
 */
# define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
                (unsigned char *)(x))
# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)

/* Allocation, release and DER encoding/decoding of a DSA_SIG. */
DSA_SIG *DSA_SIG_new(void);
void DSA_SIG_free(DSA_SIG *a);
int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);

/*
 * Sign / verify a digest, with the signature held as a DSA_SIG.
 * DSA_do_verify() has three outcomes: 1 for a valid signature, 0 for an
 * invalid one and -1 on error, so callers must compare the result with 1.
 */
DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
int DSA_do_verify(const unsigned char *dgst, int dgst_len,
                  DSA_SIG *sig, DSA *dsa);

const DSA_METHOD *DSA_OpenSSL(void);

void DSA_set_default_method(const DSA_METHOD *);
const DSA_METHOD *DSA_get_default_method(void);
int DSA_set_method(DSA *dsa, const DSA_METHOD *);

# ifdef OPENSSL_FIPS
DSA *FIPS_dsa_new(void);
void FIPS_dsa_free(DSA *r);
# endif

DSA *DSA_new(void);
DSA *DSA_new_method(ENGINE *engine);
void DSA_free(DSA *r);
/* "up" the DSA object's reference count */
int DSA_up_ref(DSA *r);
/* Maximum size in bytes of a DER-encoded signature for this key. */
int DSA_size(const DSA *);
/*
 * next 4 return -1 on error
 *
 * Because -1 is non-zero, a caller that writes `if (DSA_verify(...))`
 * accepts a verification that failed with an error as if the signature
 * were valid. DSA_verify() returns 1 only for a valid signature and 0 for
 * an invalid one; test for `== 1`.
 *
 * DSA_sign() writes the DER-encoded signature to 'sig' and its length to
 * '*siglen'; the buffer must hold at least DSA_size(dsa) bytes.
 */
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
int DSA_sign(int type, const unsigned char *dgst, int dlen,
             unsigned char *sig, unsigned int *siglen, DSA *dsa);
int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
               const unsigned char *sigbuf, int siglen, DSA *dsa);
int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int DSA_set_ex_data(DSA *d, int idx, void *arg);
void *DSA_get_ex_data(DSA *d, int idx);

/*
 * DER decoders for a public key, a private key and bare parameters; each
 * takes the input pointer by reference together with the number of bytes
 * available. NOTE(review): this header does not show what validation of
 * the decoded values is performed -- presumably input from an untrusted
 * source still needs its parameters checked by the caller; confirm.
 */
DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length);

/* Deprecated version */
# ifndef OPENSSL_NO_DEPRECATED
DSA *DSA_generate_parameters(int bits,
                             unsigned char *seed, int seed_len,
                             int *counter_ret, unsigned long *h_ret,
                             void (*callback) (int, int, void *),
                             void *cb_arg);
# endif                         /* !defined(OPENSSL_NO_DEPRECATED) */

/* New version */
int DSA_generate_parameters_ex(DSA *dsa, int bits,
                               unsigned char *seed, int seed_len,
                               int *counter_ret, unsigned long *h_ret,
                               BN_GENCB *cb);

int DSA_generate_key(DSA *a);
int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
int i2d_DSAparams(const DSA *a, unsigned char **pp);

/*
 * Printing helpers. NOTE(review): DSA_print*() take a whole DSA object;
 * if they print priv_key when it is present, their output must be handled
 * as secret material -- confirm against the implementation.
 */
# ifndef OPENSSL_NO_BIO
int DSAparams_print(BIO *bp, const DSA *x);
int DSA_print(BIO *bp, const DSA *x, int off);
# endif
# ifndef OPENSSL_NO_FP_API
int DSAparams_print_fp(FILE *fp, const DSA *x);
int DSA_print_fp(FILE *bp, const DSA *x, int off);
# endif

# define DSS_prime_checks 50
/*
 * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
 * Rabin-Miller
 */
# define DSA_is_prime(n, callback, cb_arg) \
        BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)

# ifndef OPENSSL_NO_DH
/*
 * Convert DSA structure (key or just parameters) into DH structure (be
 * careful to avoid small subgroup attacks when using this!)
 */
DH *DSA_dup_DH(const DSA *r);
# endif

# ifdef OPENSSL_FIPS
int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig);
int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen);
# endif

/* BEGIN ERROR CODES */
/*
 * The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_DSA_strings(void);

/* Error codes for the DSA functions. */

/* Function codes. */
# define DSA_F_D2I_DSA_SIG                                110
# define DSA_F_DSAPARAMS_PRINT                            100
# define DSA_F_DSAPARAMS_PRINT_FP                         101
# define DSA_F_DSA_BUILTIN_KEYGEN                         119
# define DSA_F_DSA_BUILTIN_PARAMGEN                       118
# define DSA_F_DSA_DO_SIGN                                112
# define DSA_F_DSA_DO_VERIFY                              113
# define DSA_F_DSA_GENERATE_PARAMETERS                    117
# define DSA_F_DSA_NEW_METHOD                             103
# define DSA_F_DSA_PRINT                                  104
# define DSA_F_DSA_PRINT_FP                               105
# define DSA_F_DSA_SET_DEFAULT_METHOD                     115
# define DSA_F_DSA_SET_METHOD                             116
# define DSA_F_DSA_SIGN                                   106
# define DSA_F_DSA_SIGN_SETUP                             107
# define DSA_F_DSA_SIG_NEW                                109
# define DSA_F_DSA_VERIFY                                 108
# define DSA_F_I2D_DSA_SIG                                111
# define DSA_F_SIG_CB                                     114

/* Reason codes. */
# define DSA_R_BAD_Q_VALUE                                102
# define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                100
# define DSA_R_KEY_SIZE_TOO_SMALL                         106
# define DSA_R_MISSING_PARAMETERS                         101
# define DSA_R_MODULUS_TOO_LARGE                          103
# define DSA_R_NON_FIPS_METHOD                            104
# define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE         105

#ifdef  __cplusplus
}
#endif
#endif